WHAT IS CLAIMED IS:



1. A method of establishing a secure communication path between two computer systems comprising:
    creating a communication path to exchange data such as identification data and digital certification data between the two systems;
    determining, based on the identification data, whether to confirm the digital certification data; and
    creating a secure communication path, without confirming the digital certification data if it is determined the digital certification data should not be confirmed, or after confirming the digital certification data if it is determined that the digital certification data should be confirmed.

2. The method as described in claim 1 wherein the determining step includes the step of consulting an internal table, the internal table including identification data of all computer systems whose digital certification need not be confirmed.

3. The method as described in claim 2 wherein the two computer systems include a local and a remote computer system, the exchanged data further including one or more authentication proposals from the local computer system and a selected authentication proposal from the remote system.



4. The method as described in claim 1 further comprising:
    selecting an access method in response to determining to confirm the digital certification data; and
    invoking the selected access method.

Docket No. AUS9-2000-0924-US1, Atty. Ref. No. IBM-1006

5. The method as described in claim 1 further comprising:
    selecting a local-remote pair from an endpoints table corresponding to the computer systems;
    selecting a policy from a policy table based on the selected local-remote pair, the policy including one or more access methods; and
    transmitting one or more security proposals corresponding to the selected policy to the remote computer system.

6. The method as described in claim 1 further comprising:
    receiving a remote digital certificate from the other computer system; and
    verifying that a signing certificate included in the remote digital certificate corresponds to a certification authority.

7. The method as described in claim 1 further comprising:
    digitally signing a message using a private key corresponding to one of the computer systems; and
    sending the signed message to the other computer system.

8. An information handling system comprising:
    one or more processors;
    a memory accessible by the processors;
    a nonvolatile storage accessible by the processors;
    a network interface connecting the information handling system to a computer network; and
    a network security tool to create a secure path between computer systems, the network security tool including:
        means for creating a non-secure communication path to exchange data such as identification data and digital certification data between the two systems;
        means for determining, based on the identification data, whether to confirm the digital certification data; and
        means for creating a secure communication path, without confirming the digital certification data if it is determined the digital certification data should not be confirmed, or after confirming the digital certification data if it is determined that the digital certification data should be confirmed.

9. The information handling system as described in claim 8 wherein the means for determining includes means for consulting an internal table, the internal table including identification data of all computer systems whose digital certification need not be confirmed.

10. The information handling system as described in claim 9 wherein the two computer systems include a local and a remote computer system, the exchanged data further including one or more authentication proposals from the local computer system and a selected authentication proposal from the remote system.

11. The information handling system as described in claim 8 further comprising:
    means for selecting an access method in response to determining to confirm the digital certification data; and
    means for invoking the selected access method.

12. The information handling system as described in claim 8 further comprising:
    means for selecting a local-remote pair from an endpoints table corresponding to the computer systems;
    means for selecting a policy from a policy table based on the selected local-remote pair, the policy including one or more access methods; and
    means for transmitting one or more security proposals corresponding to the selected policy to the remote computer system.

13. The information handling system as described in claim 8 further comprising:
    means for receiving a remote digital certificate from the other computer system; and
    means for verifying that a signing certificate included in the remote digital certificate corresponds to a certification authority.

14. A computer program product stored on a computer operable medium for providing one or more secure connections from a computer system, said computer program product comprising:
    means for creating a non-secure communication path to exchange data such as identification data and digital certification data between the two systems;
    means for determining, based on the identification data, whether to confirm the digital certification data; and
    means for creating a secure communication path, without confirming the digital certification data if it is determined the digital certification data should not be confirmed, or after confirming the digital certification data if it is determined that the digital certification data should be confirmed.

15. The computer program product as described in claim 14 wherein the means for determining includes means for consulting an internal table, the internal table including identification data of all computer systems whose digital certification need not be confirmed.

16. The computer program product as described in claim 15 wherein the two computer systems include a local and a remote computer system, the exchanged data further including one or more authentication proposals from the local computer system and a selected authentication proposal from the remote system.

17. The computer program product as described in claim 14 further comprising:
    means for selecting an access method in response to determining to confirm the digital certification data; and
    means for invoking the selected access method.

18. The computer program product as described in claim 14 further comprising:
    means for selecting a local-remote pair from an endpoints table corresponding to the computer systems;
    means for selecting a policy from a policy table based on the selected local-remote pair, the policy including one or more access methods; and
    means for transmitting one or more security proposals corresponding to the selected policy to the remote computer system.

19. The computer program product as described in claim 14 further comprising:
    means for receiving a remote digital certificate from the other computer system; and
    means for verifying that a signing certificate included in the remote digital certificate corresponds to a certification authority.

20. The computer program product as described in claim 14 further comprising:
    means for digitally signing a message using a private key corresponding to one of the computer systems; and
    means for sending the signed message to the other computer system.